New security risk with wifi. Not secure to use wifi. (1 Viewer)

[Gromett]

Sorry about the apocalyptic headline but I think this one is important for us Motorhomers more than anyone else.

(simplified so not technically complete)

SSL is the secure bit of the HTTP protocol, its the bit that encrypts your connection between your browser and the website you are visiting such as your bank.

There is currently a flaw in both the client side and the server side but this flaw requires a man in the middle attack which is normally very hard to do.

However us motorhomers would be more likely to come across this situation than most.

Open Wifi Points which are normally safe when using SSL are no longer so.

A hacker can set up a fake WiFi point at say McDonalds. When you connect to the wifi point he will redirect your traffic to the authentic wifi point and you won't know he is sitting in the middle of your traffic. This is trivial to do and anyone with a modicum of tech knowledge can do it.

Prior to this SSL bug that man in the middle could not view your data as it was encrypted. However this bug means that it is now possible for them to decrypt your traffic.

Here is the technical details.
https://www.openssl.org/news/secadv_20140605.txt

My recommendation.. Don't use open wifi points for any sensitive communications until this has been patched. Stick to 3G service for those things that need security. The Open SSL creators have released a patch and it is just waiting for downstream providers to patch their version and release. You then need to wait for the server owners to patch their installation. Banks should be pretty fast on this so I don't expect them to be vulnerable for long. However other sites may not be as fast to upgrade so be aware.

PLEASE NOTE. This only applies to open access points. Your home access point should be fine as you have control over that and it is unlikely that a hacker would attempt to trick you into connecting to a fake one. However in high traffic areas such as restaurants, coffee shops and airports etc it is a target rich environment for them.

If you are not sure if you can trust an access point for the moment don't.

If you have any questions fire away.

 

[Gromett]

Update:

I have been researching this bug to see if there is any mitigation I can do on my servers while I wait for the updated libraries from my upstream.

I have found out that not many browsers use the OpenSSL implementation of the SSL protocol. Microsoft for example write their own SSL stack. Firefox on Windows uses OpenSLL so is vulnerable.
Apple has two OS's and both are based on BSD in some way so it is possible for browsers on that platform to be using OpenSSL.

I don't have time to go through all the possible browser/OS combinations but you may want to check your setup and if you don't have OpenSSL and your browser doesn't use OpenSSL statically linked you may be ok. I will leave this to you to find out. However if in doubt work on the basis that you are vulnerable until you know better.

Please note this advice applies to devices as well as computers and laptops. Phone browsers, tablet browsers, netbooks, laptops and desktops.

 

[old-mo]

Does this apply.... to users of Dish to designated satellite users.. ?

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

Does this apply.... to users of Dish to designated satellite users.. ?

I am not sure what you mean? Do you have satellite internet? If you own the dish and modem and access this through your own wifi then no there is no issue. But you still want to upgrade as soon as it is available. If the wifi router is supplied by the satellite people ask them for a firmware upgrade if one is available.

 

[old-mo]

I am not sure what you mean? Do you have satellite internet? If you own the dish and modem and access this through your own wifi then no there is no issue. But you still want to upgrade as soon as it is available. If the wifi router is supplied by the satellite people ask them for a firmware upgrade if one is available.

Thanks...... Yes I own the dish and the Modem (On Motorhome) and pay a monthly subscription to beyonds SL...

Mo.

 

[LAM]

Inernet access ???????????

Hi all,

you may already be aware we are COMPLETE newbies to this MH stuff.
My other half has a mini ipad (not sure if she knows what to do with it !!??). Like the UK, do we have internet if advertised in France ? :thumb:

^{_{Subscribers  do not see these advertisements}}

 

[Deleted member 29692]

I think the general advice for a long time has been don't do anything important i.e. banking via an open access wifi point.

 

[LAM]

Wi Fi

Thank you Grommitt,

I think ( + hope ) you are responding to old-mo with all that technical stuff going on !
All I know is that my other half has a mini ipad + this will be our first time travelling to France in a rented MH and although I have researched it, like using 'aires' have not had much success in my results.
We regularly travel to Spain and are able to utilise the internet there so thought it would be equally the same in France.

 

[Gromett]

Thanks...... Yes I own the dish and the Modem (On Motorhome) and pay a monthly subscription to beyonds SL...

Mo.

ok, You should be fine. As a matter of course if it was me I would be checking for firmware upgrades to all components of the system. Satelite router/modem, wifi router etc. But not an immediate panic for you Mo.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

Thank you Grommitt,

I think ( + hope ) you are responding to old-mo with all that technical stuff going on !
All I know is that my other half has a mini ipad + this will be our first time travelling to France in a rented MH and although I have researched it, like using 'aires' have not had much success in my results.
We regularly travel to Spain and are able to utilise the internet there so thought it would be equally the same in France.

For accessing the internet abroad you need to ask someone else I am afraid. Perhaps a fresh thread so we don't get mixed up?

I haven't been abroad in over 5 years now so my info is out of date sorry.

 

[Allanm]

We never use open wifi, but do use Fon and BT wifi hotspots. I would imagine these are secure?
Allan

 

[Deleted member 29692]

We never use open wifi, but do use Fon and BT wifi hotspots. I would imagine these are secure?
Allan

Not particularly, no. Better than completely open but not by much.

^{_{Subscribers  do not see these advertisements}}

 

[Welsh girl]

Thanks for the warning gromett.


Using a private vpn like boxon is ok I hope to keep me safe?
I use that more abroad than here as I now have all you can eat data from 3.

 

[Gromett]

We never use open wifi, but do use Fon and BT wifi hotspots. I would imagine these are secure?
Allan

Not really. If it is in a popular place it could be a target for MITM attack. Basically if you are not in control of the wifi router and haven't got he password stored then the risk is too high. Its a case of balancing risks. This method could even be used against you on your home router but it is unlikely you would be specifically targeted.

Here is an example of how it is done and what.
http://null-byte.wonderhowto.com/ho...wireless-access-point-eavesdrop-data-0147919/

Thanks for the warning gromett.


Using a private vpn like boxon is ok I hope to keep me safe?
I use that more abroad than here as I now have all you can eat data from 3.

Not really. If you are going through an open wifi point they can still sit in the middle and attack your VPN's SSL layer if it uses openSSL. The only exception to this is if the VPN is configured to only use high encryption levels and fail otherwise. You then not be able to get a connection and wouldn't know why.

 

[Gromett]

All the Linux distributions I have dealings with have released updated packages so servers should be updated by now for big sites.

Just be careful on the smaller sites if you want to spend money with them or do any other sensitive stuff.

^{_{Subscribers  do not see these advertisements}}